Equifax said that, out of an abundance of caution, the Atlanta company has taken the affected page offline, and it's looking into the matter.

A slew of federal agencies and state prosecutors are investigating Equifax. The company's former CEO, who left the company in the aftermath of the data breach, admitted to lawmakers earlier this month that a combination of human and technology failures enabled the cyber attack.

"This new announcement from Equifax is just Reason No. 10,000 why consumers should assume their personal information is already out there and act accordingly," said Matt Schulz, CreditCards.com's senior industry analyst. "It's a scary thing to wrap your brain around, but the truth is that you're better off assuming the worst and taking steps to protect yourself."

Jeff Williams, co-founder of Contrast Security, linked the latest hack to third-party software used by Equifax called Fireclick. "Basically, a very similar problem with two quite different pieces of code," he said.

"Anyone using the Fireclick library may have been affected, and the attackers may not even know that they compromised Equifax," Williams added.